Releases: DevSecTop/TF-via-PR

v9.0.3

02 Feb 13:54
af816bc

Changed

  • chore(deps): bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in #183
  • chore(deps): bump opentofu/setup-opentofu from 1.0.1 to 1.0.2 by @dependabot in #184

Commits changelog: v9.0.2...v9.0.3

v9.0.2

19 Jan 21:12
050de16

Changed

  • remove sample lock files by @RDhar in #180
  • chore(deps): bump actions/upload-artifact from 3.1.3 to 4.2.0 by @dependabot in #182

Commits changelog: v9.0.1...v9.0.2

v9.0.1

05 Dec 01:56
4c170cd

Changed

  • docs: add changelog section header by @RDhar in #170
  • docs: github action description by @RDhar in #171
  • chore(deps): bump actions/github-script from 7.0.0 to 7.0.1 by @dependabot in #172
  • docs: update action name by @RDhar in #176

Commits changelog: v9.0.0...v9.0.1

v9.0.0: GitHub Action Availability

16 Nov 02:12
881479e

Highlight

This project is now available as a GitHub Action and distributed via the GitHub Marketplace!

Added

  • Composite action.yml to support GitHub Action implementation.
  • Example tf.yml workflow for a functional demonstration of the GitHub Action... in action.
  • Screenshots (with prefers-color-scheme dark and light) to exhibit a typical interaction within a PR conversation at the very top of README.md.

Changed

  • Rename project to "tf-via-pr-comments" to emphasize the use of PR comments as the primary interface for TF command execution.
  • Both PR conversation examples to reflect the new TF command input format.

Fixed

  • PR comment reaction 👀 is now added for the duration of the workflow run, then removed upon completion.

Deprecated

  • The reusable workflow has been superseded by composite action.yml which exposes the functionality with a lower barrier to entry.
  • Bulk execution of TF commands is no longer possible since matrix strategy for jobs is not supported by composite actions.

Secured

  • Pass sensitive values to the GitHub Action directly via environment variables.
  • Support v9.X and above.

Commits changelog: v8.0.1...v9.0.0

v8.0.1: Bump hashicorp/setup-terraform

31 Oct 18:50
76c4753

Changed

Sourced from hashicorp/setup-terraform's releases.

  • Updated default runtime to node20 (#346)
  • The wrapper around the installed Terraform binary has been fixed to return the exact STDOUT and STDERR from Terraform when executing commands. Previous versions of setup-terraform may have required workarounds to process the STDOUT in bash, such as filtering out the first line or selectively parsing STDOUT with jq. These workarounds may need to be adjusted with v3.0.0, which will now return just the STDOUT/STDERR from Terraform with no errant characters/statements. (#367)

Commits changelog: v8.0.0...v8.0.1

v8.0.0: OpenTofu Support, Format and Validate

30 Oct 00:15
cce937b

Highlights

  • Implemented OpenTofu GitHub Action to deliver first-class support for tofu, while maintaining backwards-compatibility with terraform.
  • Optional TF fmt and validate steps available by default.

Added

  • TVP_CLI_USES=tofu or TVP_CLI_USES=terraform for users to choose between opentofu/setup-opentofu or hashicorp/setup-terraform.
  • TVP_FMT_ENABLE and TVP_VALIDATE_ENABLE to toggle TF fmt and validate commands, respectively.
  • Diff of TF fmt command as a separate collapsible section in the PR comment.
  • paths: ['**/*.tf*'] to on: pull_request so that the workflow is only triggered when a PR contains changes to Terraform files.
  • TVP_BACKEND_CONFIG_FROM_WORKSPACE, TVP_BACKEND_CONFIG_PREFIX, and TVP_BACKEND_CONFIG_SUFFIX for consistency with TVP_VAR_FILE_ counterparts.

Changed

  • References to "Terraform" changed to "TF", to be vendor-neutral between HashiCorp's and OpenTofu's offerings.
  • PR label prefix changed from terraform: to tf:, with the colour now depending on tofu (#FFDA18) or terraform (#5C4EE5) usage.
  • Documentation to reflect changes to inputs.

Deprecated

  • CONFIG_TF_-prefixed variables, in favour of the TVP_ prefix, to be consistent with Terraform/OpenTofu-Via-PR (TVP).

Secured

  • Version support v8.0.0 and above.
  • peter-evans/find-comment dependency by replacing with actions/github-script.
  • xt0rted/pull-request-comment-branch dependency by replacing with actions/github-script.
  • myrotvorets/set-commit-status-action dependency by replacing with actions/github-script.

Commits changelog: v7.1.0...v8.0.0

v7.1.0: Flag to check for PR review approval

02 Sep 23:19
92939ea

Added

  • Feature to check if CONFIG_TF_REQUIRE_APPROVAL is set to "true".
    • Verify that the PR review state is approved, otherwise exit the workflow with a failure.

Changed

  • Reduce the PR comment limit to 64,800 characters, down from the 131,056-character stack size limitation.

Fixed

  • Links to GitHub workflows from Readme documentation.
  • Parsing of filtered Terraform comment output, including special characters.

Commits changelog: v7.0.0...v7.1.0

v7.0.0: Workflow Parameters and Security Enhancements

21 Aug 01:28
00b3a1e

Highlights

  • Added workflow parameters to customize the entry point of Terraform commands and minimize the need to type out the same arguments repeatedly.
  • Dedicated workflow example to demonstrate AWS authentication with temporary/OIDC credentials passed in from the caller workflow.
  • Improved handling of environment variables and masking of sensitive values.
  • Improved documentation and inline comments to clarify the "why" as well as the "how".
  • Amended Terraform output verbosity to account for lengthy plans in the context of GitHub's stack size limitation.

Added

  • Parameter outputs of the workflow, including: COMMENT_SHA, PARSED_COMMENT, PROMPT_MATRIX, TF_PLAN_ID, and WORKING_DIRECTORY.
  • Parameter input documentation, including: CONFIG_TF_CHDIR_PREFIX, CONFIG_TF_VAR_FILE_PREFIX, CONFIG_TF_VAR_FILE_SUFFIX, CONFIG_TF_WORKSPACE_AS_VAR_FILE, TF_CLI_HOSTNAME, TF_CLI_TOKEN, and TF_CLI_VERSION.
  • Example caller_aws.yml to demonstrate passing temporary/OIDC credentials or secrets to the reusable workflow in the context of AWS authentication.
  • Inline comments and README.md documentation to better clarify the purpose and intent of the workflow and its parameters to lower the barrier to entry for prospective users/contributors.
  • Dynamic setting of -var-file arguments, to take into account CONFIG_TF_VAR_FILE_PREFIX, CONFIG_TF_VAR_FILE_SUFFIX, and CONFIG_TF_WORKSPACE_AS_VAR_FILE configuration variables.

Changed

  • Prefix of workflow-related configuration variables from CONFIGURE_TF_ to CONFIG_TF_.
  • Rename workflow without "(Multiple AWS)" in the title.
  • Increase retry count of "actions/github-script" steps from 0 to 3.
  • Filter the Terraform output's verbosity in Bash instead of with "actions/github-script", to work around GitHub's stack size limitation of 128 KiB minus 16 bytes (131,056 bytes) for passing environment variables, which produces an "Argument list too long" error for lengthy plans. As a result, the output is truncated to its last 131,056 characters so that the final change summary of the Terraform command is captured.

Removed

  • Drop id-token: write permission scope by removing "aws-actions/configure-aws-credentials" GitHub Action.

Fixed

  • Split the argument on the first equals sign, instead of the last, to assign key-value pairs.
  • Populate environment variables only if supplied, instead of always.
  • Mask environment variables only if they're not prefixed with CONFIG_TF_, instead of all of them, to avoid masking non-sensitive configuration values of the reusable workflow.

Secured

  • Support v7.0.0 onwards.
  • Bring required permissions in line with the default (permissive) access for GITHUB_TOKEN (per documentation).
  • Conceive an original method to pass any number of secrets from the caller workflow to the reusable workflow securely, as masked, encrypted environment variables, without requiring external artifacts or a secrets store (per documentation); demonstrated with caller_aws.yml.
  • Environment variables with the prefix BASE64_ are decoded from Base64 twice to account for the security hardening of GitHub Actions. As a result, Base64 values passed from the caller workflow have to be encoded twice, with | base64 -w0 | base64 -w0, before being output.

Commits changelog: v6.0.0...v7.0.0

v6.0.0: Support Multiple Arguments with the Same Key

12 Aug 22:20
313e62a

Highlights

Added support for passing comma-separated values, enabling multiple arguments to be generated with the same key. Use cases include -target and -replace of multiple resource addresses.

Added

  • Dynamically pass comma-separated values as multiple arguments to the same key.

Changed

  • Optional chaining to parse argument values, when they exist.
  • Instead of GitHub expressions with ternary operators, iterate over Terraform variables with Bash logic to account for boolean flags, comma-separated values and standard arguments.

Removed

  • -target and -replace parameters from the uniquely identifying name of the terraform plan file.

Fixed

  • Remove quotation marks outside of square brackets from the argument value, to account for -target/-replace with quotation marks in the resource address.

Security

  • Only support v6 onwards.

Commits changelog: v5.2.0...v6.0.0
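
As an added example (not TF-via-PR's own code), the argument handling these notes describe, written as a POSIX shell script: the v6.0.0 comma-separated expansion into repeated keys and quote stripping, and the v7.0.0 fix of splitting each token on the first equals sign. The function names and the space-separated "-key=value" input format are assumptions.

```shell
#!/bin/sh
# Added example, not the project's code: expand "-key=value" tokens into the
# argument list the release notes describe. Each item of a comma-separated value
# becomes its own "-key=item" argument, tokens are split on the FIRST '=', and a
# pair of quotes wrapping a value item is dropped. Names/format are assumptions.
set -eu

# Key is everything before the first '=', so "-var=name=x" keeps "name=x" whole.
tf_key() {
  case "$1" in *=*) printf '%s\n' "${1%%=*}" ;; *) printf '%s\n' "$1" ;; esac
}

# Value is everything after the first '='; a bare flag such as -auto-approve has none.
tf_value() {
  case "$1" in *=*) printf '%s\n' "${1#*=}" ;; *) printf '\n' ;; esac
}

# Strip one pair of surrounding quotes; quotes inside [...] (index keys) are kept.
tf_unquote() {
  v="$1"
  case "$v" in
    \"*\") v="${v#\"}"; v="${v%\"}" ;;
    \'*\') v="${v#\'}"; v="${v%\'}" ;;
  esac
  printf '%s\n' "$v"
}

# Print one argument per line; e.g. -target=a,b becomes -target=a and -target=b.
tf_expand_args() {
  set -f                      # no glob expansion of addresses such as x["*"]
  for token in "$@"; do
    key=$(tf_key "$token")
    value=$(tf_value "$token")
    if [ -z "$value" ]; then
      printf '%s\n' "$key"    # boolean flag, passed through untouched
      continue
    fi
    old_ifs=$IFS; IFS=','
    for item in $value; do
      printf '%s=%s\n' "$key" "$(tf_unquote "$item")"
    done
    IFS=$old_ifs
  done
  set +f
}

# Constructed sample: a -target with two addresses, a bare flag, a -var whose value has '='.
tf_expand_args '-target=module.a["x"],"module.b"' -auto-approve '-var=tag=k=v'
```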

v5.2.0: Improve Terraform Output

09 Aug 22:01
04c06f4

Fixed

  • Select the latest terraform output summary for the collapsible content's header (e.g., terraform apply -auto-approve where both plan and apply summaries are present in the output).

Commits changelog: v5.1.0...v5.2.0